Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-5688 (GCVE-0-2024-5688)
Vulnerability from cvelistv5 – Published: 2024-06-11 12:40 – Updated: 2024-08-01 21:18
VLAI
EPSS
Summary
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Use-after-free in JavaScript object transplant
- CWE-416 - Use After Free
Assigner
References
6 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 127
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 115.12
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 115.12
(custom)
|
|
| mozilla | firefox_esr |
Affected:
0 , < 115.12
(custom)
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
|
| mozilla | thunderbird |
Affected:
0 , < 115.12
(custom)
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:* |
|
| mozilla | firefox |
Affected:
0 , < 127
(custom)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
Credits
Lukas Bernhard
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "firefox_esr",
"vendor": "mozilla",
"versions": [
{
"lessThan": "115.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thunderbird",
"vendor": "mozilla",
"versions": [
{
"lessThan": "115.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "firefox",
"vendor": "mozilla",
"versions": [
{
"lessThan": "127",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T03:55:33.756963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:52:03.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:07.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895086"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lukas Bernhard"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12."
}
],
"value": "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free in JavaScript object transplant",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T18:15:54.759Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895086"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-5688",
"datePublished": "2024-06-11T12:40:12.457Z",
"dateReserved": "2024-06-06T15:05:01.970Z",
"dateUpdated": "2024-08-01T21:18:07.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-5688",
"date": "2026-06-07",
"epss": "0.01155",
"percentile": "0.78896"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5688\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-06-11T13:15:50.347\",\"lastModified\":\"2025-04-04T23:46:14.507\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\"},{\"lang\":\"es\",\"value\":\"Si se activ\u00f3 una recolecci\u00f3n de basura en el momento adecuado, podr\u00eda haberse producido un use-after-free durante el trasplante de objetos. Esta vulnerabilidad afecta a Firefox \u0026lt; 127 y Firefox ESR \u0026lt; 115.12.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"115.12\",\"matchCriteriaId\":\"D355C34D-4006-4255-B767-0EC32BDD4409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"127.0\",\"matchCriteriaId\":\"4CF5E7C8-8673-4B56-AF92-44C08B086E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"115.12\",\"matchCriteriaId\":\"96ED58CE-9E3C-4354-AB12-0F26C5906650\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1895086\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-25/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-26/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-28/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1895086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-25/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-26/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-28/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1895086\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-25/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-26/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-28/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:18:07.039Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5688\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-14T03:55:33.756963Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"firefox_esr\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"115.12\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"115.12\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"127\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-12T19:44:37.109Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Lukas Bernhard\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"127\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.12\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.12\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1895086\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-25/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-26/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-28/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Use-after-free in JavaScript object transplant\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-06-21T18:15:54.759Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-5688\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:18:07.039Z\", \"dateReserved\": \"2024-06-06T15:05:01.970Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2024-06-11T12:40:12.457Z\", \"assignerShortName\": \"mozilla\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2024:3954
Vulnerability from osv_almalinux
Published
2024-06-17 00:00
Modified
2024-06-19 09:10
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.12.0 ESR.
Security Fix(es):
-
firefox: Use-after-free in networking (CVE-2024-5702)
-
firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)
- firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)
- firefox: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)
- firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)
- firefox: Memory Corruption in Text Fragments (CVE-2024-5696)
- firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.12.0-1.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.12.0 ESR.\n\nSecurity Fix(es):\n \n* firefox: Use-after-free in networking (CVE-2024-5702)\n\n* firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)\n* firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)\n* firefox: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)\n* firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)\n* firefox: Memory Corruption in Text Fragments (CVE-2024-5696)\n* firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700) \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:3954",
"modified": "2024-06-19T09:10:34Z",
"published": "2024-06-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:3954"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5688"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5690"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5691"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5693"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5700"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5702"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291394"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291395"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291397"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291399"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291400"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291401"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-3954.html"
}
],
"related": [
"CVE-2024-5702",
"CVE-2024-5688",
"CVE-2024-5690",
"CVE-2024-5691",
"CVE-2024-5693",
"CVE-2024-5696",
"CVE-2024-5700"
],
"summary": "Important: firefox security update"
}
alsa-2024:3955
Vulnerability from osv_almalinux
Published
2024-06-17 00:00
Modified
2024-06-19 09:12
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.12.0 ESR.
Security Fix(es):
-
firefox: Use-after-free in networking (CVE-2024-5702)
-
firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)
- firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)
- firefox: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)
- firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)
- firefox: Memory Corruption in Text Fragments (CVE-2024-5696)
- firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.12.0-1.el9_4.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "firefox-x11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.12.0-1.el9_4.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.12.0 ESR.\n\nSecurity Fix(es):\n \n* firefox: Use-after-free in networking (CVE-2024-5702)\n\n* firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)\n* firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)\n* firefox: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)\n* firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)\n* firefox: Memory Corruption in Text Fragments (CVE-2024-5696)\n* firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700) \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:3955",
"modified": "2024-06-19T09:12:22Z",
"published": "2024-06-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:3955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5688"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5690"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5691"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5693"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5700"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5702"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291394"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291395"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291397"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291399"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291400"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291401"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-3955.html"
}
],
"related": [
"CVE-2024-5702",
"CVE-2024-5688",
"CVE-2024-5690",
"CVE-2024-5691",
"CVE-2024-5693",
"CVE-2024-5696",
"CVE-2024-5700"
],
"summary": "Important: firefox security update"
}
alsa-2024:4002
Vulnerability from osv_almalinux
Published
2024-06-20 00:00
Modified
2024-06-20 13:53
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.12.1.
Security Fix(es):
- thunderbird: Use-after-free in networking (CVE-2024-5702)
- thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)
- thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)
- thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)
- thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)
- thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)
- thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.12.1-1.el9_4.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.12.1.\n\nSecurity Fix(es):\n\n* thunderbird: Use-after-free in networking (CVE-2024-5702)\n* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)\n* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)\n* thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)\n* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)\n* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)\n* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:4002",
"modified": "2024-06-20T13:53:09Z",
"published": "2024-06-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:4002"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5688"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5690"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5691"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5693"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5700"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5702"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291394"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291395"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291397"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291399"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291400"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291401"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-4002.html"
}
],
"related": [
"CVE-2024-5702",
"CVE-2024-5688",
"CVE-2024-5690",
"CVE-2024-5691",
"CVE-2024-5693",
"CVE-2024-5696",
"CVE-2024-5700"
],
"summary": "Important: thunderbird security update"
}
alsa-2024:4036
Vulnerability from osv_almalinux
Published
2024-06-20 00:00
Modified
2024-06-21 07:20
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.12.1.
Security Fix(es):
- thunderbird: Use-after-free in networking (CVE-2024-5702)
- thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)
- thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)
- thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)
- thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)
- thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)
- thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.12.1-1.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.12.1.\n\nSecurity Fix(es):\n\n* thunderbird: Use-after-free in networking (CVE-2024-5702)\n* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)\n* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)\n* thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)\n* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)\n* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)\n* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:4036",
"modified": "2024-06-21T07:20:21Z",
"published": "2024-06-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:4036"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5688"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5690"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5691"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5693"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5700"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5702"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291394"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291395"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291397"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291399"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291400"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291401"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-4036.html"
}
],
"related": [
"CVE-2024-5702",
"CVE-2024-5688",
"CVE-2024-5690",
"CVE-2024-5691",
"CVE-2024-5693",
"CVE-2024-5696",
"CVE-2024-5700"
],
"summary": "Important: thunderbird security update"
}
CERTFR-2024-AVI-0482
Vulnerability from certfr_avis - Published: 2024-06-12 - Updated: 2024-06-12
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.12 | ||
| Mozilla | Firefox | Firefox versions antérieures à 127 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.12",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 127",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-5701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5701"
},
{
"name": "CVE-2024-5693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5693"
},
{
"name": "CVE-2024-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5699"
},
{
"name": "CVE-2024-5700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5700"
},
{
"name": "CVE-2024-5691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5691"
},
{
"name": "CVE-2024-5697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5697"
},
{
"name": "CVE-2024-5690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5690"
},
{
"name": "CVE-2024-5687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5687"
},
{
"name": "CVE-2024-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5702"
},
{
"name": "CVE-2024-5689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5689"
},
{
"name": "CVE-2024-5694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5694"
},
{
"name": "CVE-2024-5698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5698"
},
{
"name": "CVE-2024-5692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5692"
},
{
"name": "CVE-2024-5696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5696"
},
{
"name": "CVE-2024-5695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5695"
},
{
"name": "CVE-2024-5688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5688"
}
],
"initial_release_date": "2024-06-12T00:00:00",
"last_revision_date": "2024-06-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0482",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-25",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-26",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/"
}
]
}
CERTFR-2024-AVI-0493
Vulnerability from certfr_avis - Published: 2024-06-14 - Updated: 2024-06-24
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.12 | ||
| Mozilla | Firefox | Firefox pour iOS versions antérieures à 127 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 115.12 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.12",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 127",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 115.12",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-5693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5693"
},
{
"name": "CVE-2024-38313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38313"
},
{
"name": "CVE-2024-5700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5700"
},
{
"name": "CVE-2024-5691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5691"
},
{
"name": "CVE-2024-38312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38312"
},
{
"name": "CVE-2024-5690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5690"
},
{
"name": "CVE-2024-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5702"
},
{
"name": "CVE-2024-5692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5692"
},
{
"name": "CVE-2024-5696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5696"
},
{
"name": "CVE-2024-5688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5688"
}
],
"initial_release_date": "2024-06-14T00:00:00",
"last_revision_date": "2024-06-24T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0493",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-14T00:00:00.000000"
},
{
"description": "Ajout de Thunderbird dans les produits affect\u00e9s",
"revision_date": "2024-06-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2024-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-28",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/"
},
{
"published_at": "2024-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-27",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-27/"
}
]
}
Title
Mozilla Firefox释放后重用漏洞(CNVD-2024-29144)
Description
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。
Mozilla Firefox存在释放后重用漏洞,攻击者可利用该漏洞在系统上执行任意代码。
Severity
高
Patch Name
Mozilla Firefox释放后重用漏洞(CNVD-2024-29144)的补丁
Patch Description
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。
Mozilla Firefox存在释放后重用漏洞,攻击者可利用该漏洞在系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.mozilla.org/security/advisories/mfsa2024-25/
Reference
https://www.mozilla.org/security/advisories/mfsa2024-25/
Impacted products
| Name | ['Mozilla Firefox <127', 'Mozilla Firefox ESR <115.12', 'Mozilla Thunderbird <115.12'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-5688",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-5688"
}
},
"description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-25/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-29144",
"openTime": "2024-06-27",
"patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff08CNVD-2024-29144\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c127",
"Mozilla Firefox ESR \u003c115.12",
"Mozilla Thunderbird \u003c115.12"
]
},
"referenceLink": "https://www.mozilla.org/security/advisories/mfsa2024-25/",
"serverity": "\u9ad8",
"submitTime": "2024-06-14",
"title": "Mozilla Firefox\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff08CNVD-2024-29144\uff09"
}
FKIE_CVE-2024-5688
Vulnerability from fkie_nvd - Published: 2024-06-11 13:15 - Updated: 2025-04-04 23:46
Severity
Summary
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1895086 | Exploit, Issue Tracking | |
| security@mozilla.org | https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html | Mailing List, Third Party Advisory | |
| security@mozilla.org | https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html | Mailing List, Third Party Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2024-25/ | Vendor Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2024-26/ | Vendor Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2024-28/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1895086 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2024-25/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2024-26/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2024-28/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "D355C34D-4006-4255-B767-0EC32BDD4409",
"versionEndExcluding": "115.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF5E7C8-8673-4B56-AF92-44C08B086E02",
"versionEndExcluding": "127.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96ED58CE-9E3C-4354-AB12-0F26C5906650",
"versionEndExcluding": "115.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12."
},
{
"lang": "es",
"value": "Si se activ\u00f3 una recolecci\u00f3n de basura en el momento adecuado, podr\u00eda haberse producido un use-after-free durante el trasplante de objetos. Esta vulnerabilidad afecta a Firefox \u0026lt; 127 y Firefox ESR \u0026lt; 115.12."
}
],
"id": "CVE-2024-5688",
"lastModified": "2025-04-04T23:46:14.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-11T13:15:50.347",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895086"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-G23M-H4V3-G2QQ
Vulnerability from github – Published: 2024-06-11 15:31 – Updated: 2024-07-03 18:44
VLAI
Details
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
Severity
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2024-5688"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T13:15:50Z",
"severity": "HIGH"
},
"details": "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127 and Firefox ESR \u003c 115.12.",
"id": "GHSA-g23m-h4v3-g2qq",
"modified": "2024-07-03T18:44:46Z",
"published": "2024-06-11T15:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5688"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895086"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-26"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
OPENSUSE-SU-2024:14044-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
MozillaFirefox-127.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: MozillaFirefox-127.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the MozillaFirefox-127.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14044
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.7 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
47 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2024-5687/ | self |
| https://www.suse.com/security/cve/CVE-2024-5688/ | self |
| https://www.suse.com/security/cve/CVE-2024-5689/ | self |
| https://www.suse.com/security/cve/CVE-2024-5690/ | self |
| https://www.suse.com/security/cve/CVE-2024-5691/ | self |
| https://www.suse.com/security/cve/CVE-2024-5692/ | self |
| https://www.suse.com/security/cve/CVE-2024-5693/ | self |
| https://www.suse.com/security/cve/CVE-2024-5694/ | self |
| https://www.suse.com/security/cve/CVE-2024-5695/ | self |
| https://www.suse.com/security/cve/CVE-2024-5696/ | self |
| https://www.suse.com/security/cve/CVE-2024-5697/ | self |
| https://www.suse.com/security/cve/CVE-2024-5698/ | self |
| https://www.suse.com/security/cve/CVE-2024-5699/ | self |
| https://www.suse.com/security/cve/CVE-2024-5700/ | self |
| https://www.suse.com/security/cve/CVE-2024-5701/ | self |
| https://www.suse.com/security/cve/CVE-2024-5687 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5688 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5689 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5690 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5691 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5692 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5693 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5694 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5695 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5696 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5697 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5698 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5699 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5700 | external |
| https://bugzilla.suse.com/1226027 | external |
| https://www.suse.com/security/cve/CVE-2024-5701 | external |
| https://bugzilla.suse.com/1226027 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaFirefox-127.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaFirefox-127.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14044",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14044-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5687 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5688 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5689 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5690 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5691 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5692 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5693 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5694 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5695 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5696 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5697 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5698 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5699 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5700 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5701/"
}
],
"title": "MozillaFirefox-127.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14044-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-127.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-devel-127.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-translations-common-127.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-127.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-127.0-1.1.aarch64",
"product_id": "MozillaFirefox-translations-other-127.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-127.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-devel-127.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-127.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-127.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-127.0-1.1.s390x",
"product_id": "MozillaFirefox-127.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-127.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-devel-127.0-1.1.s390x",
"product_id": "MozillaFirefox-devel-127.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-127.0-1.1.s390x",
"product_id": "MozillaFirefox-translations-common-127.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-127.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-127.0-1.1.s390x",
"product_id": "MozillaFirefox-translations-other-127.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-127.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-devel-127.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-translations-common-127.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-127.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-127.0-1.1.x86_64",
"product_id": "MozillaFirefox-translations-other-127.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-devel-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-127.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-127.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-127.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-127.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-127.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-127.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-127.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5687"
}
],
"notes": [
{
"category": "general",
"text": "If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the `Referer` and `Sec-*` headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5687",
"url": "https://www.suse.com/security/cve/CVE-2024-5687"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5687",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5687"
},
{
"cve": "CVE-2024-5688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5688"
}
],
"notes": [
{
"category": "general",
"text": "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5688",
"url": "https://www.suse.com/security/cve/CVE-2024-5688"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5688",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5688"
},
{
"cve": "CVE-2024-5689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5689"
}
],
"notes": [
{
"category": "general",
"text": "In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the \u0027My Shots\u0027 button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5689",
"url": "https://www.suse.com/security/cve/CVE-2024-5689"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5689",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5689"
},
{
"cve": "CVE-2024-5690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5690"
}
],
"notes": [
{
"category": "general",
"text": "By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user\u0027s system. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5690",
"url": "https://www.suse.com/security/cve/CVE-2024-5690"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5690",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5690"
},
{
"cve": "CVE-2024-5691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5691"
}
],
"notes": [
{
"category": "general",
"text": "By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5691",
"url": "https://www.suse.com/security/cve/CVE-2024-5691"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5691",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5691"
},
{
"cve": "CVE-2024-5692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5692"
}
],
"notes": [
{
"category": "general",
"text": "On Windows 10, when using the \u0027Save As\u0027 functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5692",
"url": "https://www.suse.com/security/cve/CVE-2024-5692"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5692",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5692"
},
{
"cve": "CVE-2024-5693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5693"
}
],
"notes": [
{
"category": "general",
"text": "Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5693",
"url": "https://www.suse.com/security/cve/CVE-2024-5693"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5693",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5693"
},
{
"cve": "CVE-2024-5694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5694"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5694",
"url": "https://www.suse.com/security/cve/CVE-2024-5694"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5694",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5694"
},
{
"cve": "CVE-2024-5695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5695"
}
],
"notes": [
{
"category": "general",
"text": "If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5695",
"url": "https://www.suse.com/security/cve/CVE-2024-5695"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5695",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5695"
},
{
"cve": "CVE-2024-5696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5696"
}
],
"notes": [
{
"category": "general",
"text": "By manipulating the text in an `\u0026lt;input\u0026gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5696",
"url": "https://www.suse.com/security/cve/CVE-2024-5696"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5696",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5696"
},
{
"cve": "CVE-2024-5697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5697"
}
],
"notes": [
{
"category": "general",
"text": "A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5697",
"url": "https://www.suse.com/security/cve/CVE-2024-5697"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5697",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5697"
},
{
"cve": "CVE-2024-5698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5698"
}
],
"notes": [
{
"category": "general",
"text": "By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5698",
"url": "https://www.suse.com/security/cve/CVE-2024-5698"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5698",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5698"
},
{
"cve": "CVE-2024-5699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5699"
}
],
"notes": [
{
"category": "general",
"text": "In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5699",
"url": "https://www.suse.com/security/cve/CVE-2024-5699"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5699",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5699"
},
{
"cve": "CVE-2024-5700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5700"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 127, Firefox ESR \u003c 115.12, and Thunderbird \u003c 115.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5700",
"url": "https://www.suse.com/security/cve/CVE-2024-5700"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5700",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5700"
},
{
"cve": "CVE-2024-5701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5701"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 127.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5701",
"url": "https://www.suse.com/security/cve/CVE-2024-5701"
},
{
"category": "external",
"summary": "SUSE Bug 1226027 for CVE-2024-5701",
"url": "https://bugzilla.suse.com/1226027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-127.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-127.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-5701"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…